Can you briefly compare FTP vs. TFTP and explain what each is used for?
Both the File Transfer Protocol (FTP) and the Trivial File Transfer Protocol (TFTP) are used to transfer files between systems. FTP is a widely used protocol that allows the remote user to navigate the server's file structure and upload and download files. TFTP is a simplified alternative to FTP that provides no authentication and is most often used to transfer configurations to and from network devices.
Here's the catch: both FTP and TFTP are inherently insecure protocols. They do not use encryption and allow both authentication and file data to traverse the network in the clear. Consider using these protocols only when sharing non-sensitive data with the general public (i.e. operating a public, anonymous download FTP site) or operating in an inherently secure environment (e.g. a private management network).
Fortunately, there is a secure alternative to these protocols. The secure FTP protocol uses the Secure Shell (SSH) protocol to encrypt standard FTP communications and provide confidentiality in transit.
- See why some companies have transitioned to secure FTP servers.
- A SearchSecurity.com reader recently asked Mike Chapple, "What OSI Layer 4 protocol does FTP use to guarantee data delivery?"
Dig Deeper on Data security strategies and governance
Related Q&A from Mike Chapple
Explore the differences between wired and wireless network security, and read up on best practices to ensure security with or without wires. Continue Reading
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading